1 1. (Currently Amended) An apparatus comprising: 

2 at least one processor; 

3 a memory coupled to the at least one processor; 

4 first software residing in the memory and executed bv the at least one processor. 

5 the first software including a first user registry [residing in the memory] that contains a 

6 first user identity for a selected user that is used to authenticate the selected user to the 

7 first software : 

8 second software residing in the memory and executed bv the at least one 

9 processor, the second software including a second user registry [residing in the memory] 

10 that contains a second user identity for the selected user that is used to authenticate the 

1 1 selected user to the second software : and 

12 an identity mapping mechanism that provides a mapping between the first user 

1 3 identity and the second user identity. 



1 2. (Original) The apparatus of claim 1 wherein the first user registry comprises a user 

2 registry in a first processing environment. 



1 3. (Original) The apparatus of claim 2 wherein the second user registry comprises a user 

2 registry in a second processing environment that is different than the first processing 

3 environment. 

1 4. (Original) The apparatus of claim 1 wherein the identity mapping mechanism 

2 comprises: 

3 a directory service that contains a plurality of user identity mappings that correlate 

4 the first user identity in the first registry to the second user identity in the second registry, 

5 and that references the first and second user registries; and 

6 schema for the directory service that specifies relationships between a plurality of 

7 entries in the directory service, where at least one entry includes the user identity 

8 mappings. 



2 



1 5. (Original) The apparatus of claim 4 wherein the directory service comprises 

2 Lightweight Directory Access Protocol (LDAP). 

1 6. (Original) The apparatus of claim 1 further comprising a global identifier residing in 

2 the memory that corresponds to the selected user, and wherein the mapping comprises a 

3 first correlation between the first user identity and the global identifier and a second 

4 correlation between the second user identity and the global identifier. 
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1 7. (Currently Amended) An apparatus comprising: 

2 at least one processor; 

3 a memory coupled to the at least one processor; 

4 first software residing in the memory and executed by the at least one processor. 

5 the first software including a first user registry [residing in the memory] containing a first 

6 plurality of user identities that are used to authenticate users to the first software : 

7 second software residing in the memory and executed by the at least one 

8 processor, the second software including a second user registry residing in the memory 

9 containing a second plurality of user identities that are used to authenticate users to the 

10 second software ; 

1 1 a directory service that contains a plurality of user identity mappings that correlate 

12 a first user identity in the first user registry to a second user identity in the second user 

13 registry, and that references the first and second user registries; and 

14 schema for the directory service that specifies relationships between a plurality of 

15 entries in the directory service, where at least one entry includes the user identity 

16 mappings. 

1 8. (Original) The apparatus of claim 7 wherein the first user registry comprises a user 

2 registry in a first processing environment. 

1 9. (Original) The apparatus of claim 8 wherein the second user registry comprises a user 

2 registry in a second processing environment that is different than the first processing 

3 environment. 

1 10. (Original) The apparatus of claim 7 wherein the directory service comprises 

2 Lightweight Directory Access Protocol (LDAP). 
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1 11. (Original) The apparatus of claim 7 further comprising a global identifier residing in 

2 the memory that corresponds to the selected user, and wherein the mapping comprises a 

3 first correlation between the first user identity and the global identifier and a second 

4 correlation between the second user identity and the global identifier. 
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1 12. (Original) A networked computer system comprising: 

2 a network that interconnects a plurality of computer systems; 

3 a first computer system coupled to the network that includes a first user registry 

4 for a first processing environment that contains a first user identity for a selected user; 

5 a second computer system coupled to the network that includes a second user 

6 registry for a second processing environment that contains a second user identity for the 

7 selected user; and 

8 a mechanism coupled to the network that provides a mapping between the first 

9 user identity and the second user identity. 

1 13. (Original) The networked computer system of claim 12 wherein the first user registry 

2 comprises a user registry in a first processing environment. 

1 14. (Original) The networked computer system of claim 13 wherein the second user 

2 registry comprises a user registry in a second processing environment that is different 

3 than the first processing environment. 

1 15. (Original) The networked computer system of claim 12 further comprising a global 

2 identifier accessible via the network that corresponds to the selected user, and wherein the 

3 mapping comprises a first correlation between the first user identity and the global 

4 identifier and a second correlation between the second user identity and the global 

5 identifier. 
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1 16. (Currently Amended) A method for managing a plurality of user identities on a 

2 plurality of computer [system] systems coupled to a network, each user identity 

3 corresponding to a defined processing environment, the method comprising the steps of: 

4 providing an identity mapping mechanism that provides a mapping between a first 

5 user identity in a first user registry in first software and a second user identity in a second 

6 user registry in second software, wherein the first user identity is used to authenticate a 

7 selected user to the first software and the second user identity is used to authenticate the 

8 selected user to the second software : and 

9 invoking the identity mapping mechanism to determine the mapping between the 
10 first user identity and the second user identity. 

1 17. (Original) The method of claim 1 6 wherein the identity mapping mechanism 

2 comprises: 

3 a directory service that contains a plurality of user identity mappings that correlate 

4 the first user identity in the first registry to the second user identity in the second registry, 

5 and that references the first and second user registries; and 

6 schema for the directory service that specifies relationships between a plurality of 

7 entries in the directory service, where at least one entry includes the user identity 

8 mappings. 



1 18. (Original) The method of claim 17 wherein the directory service comprises 

2 Lightweight Directory Access Protocol (LDAP). 
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1 19. (Currently Amended) A method for correlating a plurality of user identities on a 

2 plurality of computer systems coupled to a network, the method comprising the steps of: 

3 generating a global identifier corresponding to a user; 

4 mapping a first user identity in a first user registry in first software to the global 

5 identifie r, wherein the first user identity is used to authenticate a selected user to the first 

6 software : and 

7 mapping a second user identity in a second user registry in second software to the 

8 global identifie r, wherein the second user identity is used to authenticate the selected user 

9 to the second software. 



1 20. (Currently Amended) A program product comprising: 

2 (A) an identity mapping mechanism that provides a mapping between: 

3 (Al) a first user identity for a selected user residing in a first user registry 

4 in first software, wherein the first user identity is used to authenticate a selected 

5 user to the first software : and 

6 (A2) a second user identity for the selected user residing in a second user 

7 registry in second software, wherein the second user identity is used to 

8 authenticate a selected user to the second software: and 

9 (B) computer-readable signal bearing media bearing the identity mapping 
10 mechanism. 

1 21. (Original) The program product of claim 20 wherein the signal bearing media 

2 comprises recordable media. 

1 22. (Original) The program product of claim 20 wherein the signal bearing media 

2 comprises transmission media. 

1 23. (Original) The program product of claim 20 wherein the first user registry comprises 

2 a user registry in a first processing environment. 

1 24. (Original) The program product of claim 23 wherein the second user registry 

2 comprises a user registry in a second processing environment that is different than the 

3 first processing environment. 
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25. (Original) The program product of claim 20 wherein the identity mapping mechanism 
comprises: 

a directory service that contains a plurality of user identity mappings that correlate 
the first user identity in the first registry to the second user identity in the second registry, 
and that references the first and second user registries; and 

schema for the directory service that specifies relationships between a plurality of 
entries in the directory service, where at least one entry includes the user identity 
mappings. 

26. (Original) The program product of claim 20 wherein the directory service comprises 
Lightweight Directory Access Protocol (LDAP). 

27. (Original) The program product of claim 20 wherein the identity mapping mechanism 
provides a mapping between the first user identity and the second user identity by creating 
a global identifier that corresponds to the selected user, and by generating a first 
correlation between the first user identity and the global identifier and a second 
correlation between the second user identity and the global identifier. 
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1 28. (Currently Amended) A program product comprising: 

2 (A) a directory service that contains a plurality of user identity mappings that 

3 correlate a first user identity in a first user registry in first software to a second user 

4 identity in a second user registry in second software, and that references the first and 

5 second user registries , wherein the first user identity is used to authenticate a selected user 

6 to the first software and the second user identity is used to authenticate the selected user 

7 to the second software : and 

8 (B) schema for the directory service that specifies relationships between a 

9 plurality of entries in the directory service, where at least one entry includes the user 

1 0 identity mappings; and 

1 1 (C) computer-readable signal bearing media bearing the directory service and the 

12 schema. 

1 29. (Original) The program product of claim 28 wherein the signal bearing media 

2 comprises recordable media. 

1 30. (Original) The program product of claim 28 wherein the signal bearing media 

2 comprises transmission media. 

1 31. (Original) The program product of claim 28 wherein the first user registry comprises 

2 a user registry in a first processing environment. 

1 32. (Original) The program product of claim 3 1 wherein the second user registry 

2 comprises a user registry in a second processing environment that is different than the 

3 first processing environment. 



1 33. (Original) The program product of claim 28 wherein the directory service comprises 

2 Lightweight Directory Access Protocol (LDAP). 
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34. (Original) The program product of claim 28 wherein the plurality of user identity 
mappings each comprise a mapping between the first user identity and a global identifier 
that corresponds to the selected user, and a mapping between the global identifier and the 
second user identity. 
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STATUS OF THE CLAIMS 



Claims 1-34 were originally filed in this patent application. In the pending office 
action, claims 1-34 were rejected under 35 U.S.C. § 102(a) as being unpatentable over 
U.S. Patent No. 5,764,745 to Chan et al (hereinafter "Chan"). No claim was allowed. In 
this amendment, claims 1, 7, 16, 19, 20 and 28 have been amended. Claims 1-34 are 
currently pending. 



13 



